Btrfs: avoid double free of fs_info->qgroup_ulist
author Jan Schmidt <list.btrfs@jan-o-sch.net>
Tue, 28 May 2013 15:47:23 +0000 (15:47 +0000)
committer Josef Bacik <jbacik@fusionio.com>
Fri, 14 Jun 2013 15:30:08 +0000 (11:30 -0400)
When btrfs_read_qgroup_config or btrfs_quota_enable return non-zero, we've
already freed the fs_info->qgroup_ulist. The final btrfs_free_qgroup_config
called from quota_disable makes another ulist_free(fs_info->qgroup_ulist)
call.

We set fs_info->qgroup_ulist to NULL on the mentioned error paths, turning
the ulist_free in btrfs_free_qgroup_config into a noop.

Cc: Wang Shilong <wangsl-fnst@cn.fujitsu.com>
Signed-off-by: Jan Schmidt <list.btrfs@jan-o-sch.net>
Signed-off-by: Josef Bacik <jbacik@fusionio.com>
fs/btrfs/qgroup.c

index 74b432d..c6ce642 100644 (file)
@@ -430,8 +430,10 @@ out:
        }
        btrfs_free_path(path);
 
-       if (ret < 0)
+       if (ret < 0) {
                ulist_free(fs_info->qgroup_ulist);
+               fs_info->qgroup_ulist = NULL;
+       }
 
        return ret < 0 ? ret : 0;
 }
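Review bot: The added "fs_info->qgroup_ulist = NULL;" inside the "if (ret < 0)" block carries no comment explaining why the pointer has to be cleared, and nothing in this hunk shows a lock held around the store. Per the commit message the reason is that btrfs_free_qgroup_config later calls ulist_free() on the same field, which is not obvious from the code alone; a one-line comment here would keep the assignment from being removed later as redundant. It would also help to say why clearing the field without a visible lock is safe on this path, since the other hunk performs the same store before mutex_unlock(&fs_info->qgroup_ioctl_lock).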
@@ -932,8 +934,10 @@ out_free_root:
                kfree(quota_root);
        }
 out:
-       if (ret)
+       if (ret) {
                ulist_free(fs_info->qgroup_ulist);
+               fs_info->qgroup_ulist = NULL;
+       }
        mutex_unlock(&fs_info->qgroup_ioctl_lock);
        return ret;
 }
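Review bot: At the "out:" label the "if (ret)" block frees and clears fs_info->qgroup_ulist for every non-zero return, so please confirm that no path jumps to "out" with ret set before this function has allocated the list; otherwise the cleanup would free a ulist this call does not own. Separately, the same free-then-clear pair now appears in both error paths of the patch; a small helper that calls ulist_free() and then stores NULL would keep the two sites from drifting apart.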